Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Airscanner warns of Pocket Internet Explorer security flaws
Posted on 27-Jan-2005 10:45. | Tags Filed under: News.



Security firm Airscanner released information about several weaknesses in Pocket Internet Explorer, the standard web browser that comes pre-installed on Windows Mobile Pocket PC and Smartphone devices.

These flaws can be used together to trick end users into submitting local and/or sensitive data, such as usernames and passwords. The potential for exploiting these vulnerabilities are restricted only by an attacker’s imagination. The research firm says that Pocket Internet Explorer is not as powerful as its big brother Internet Explorer, and as such, an attacker is limited in what techniques can be used to launch an attack.

For example, Pocket Internet Explorer has no support for the iframe tag, which is extremely useful in XSS and browser-based attacks. In addition, Pocket Internet Explorer does not support every JavaScript command commonly used by attackers. The company has released detailed information about these flaws and give an example that combines these individual flaws into one attack, as a proof of concept. The example will only work on a Windows Mobile Pocket PC.

The flaws involve Unicode URL obfuscation, access to local files, and <div> XSS tag. The most important is the first one, since this can mislead users to believe they are accessing a website when in fact the browser is being redirected to the attacker's domain. Local file access is not quite a flaw, since all browsers can read local files, but when combined with the Unicode URL obfuscation and the <div> XSS tag a script can be written that potentially can collect personal information.


More information: http://www.airscanner.com/tests/ie_flaw/ie_at...

comments powered by Disqus




Trending now »

Hot discussions in our forums right now:

Gareth Morgan is a genius
Created by Satch, last reply by JayADee on 11-Dec-2016 16:13 (183 replies)
Pages... 11 12 13


NZ Prime Minister John Key Resigns
Created by ajobbins, last reply by Fred99 on 11-Dec-2016 07:35 (222 replies)
Pages... 13 14 15


The President Of The USA - Who do you think?
Created by TimA, last reply by DarthKermit on 10-Dec-2016 20:29 (913 replies)
Pages... 59 60 61


Spark wireless broadband and home /lan access: CGNAT limitations
Created by yokkem, last reply by BarTender on 8-Dec-2016 15:57 (19 replies)
Pages... 2


Spark not planning to deploy native IPv6 at all. Ever.
Created by Erayd, last reply by sbiddle on 7-Dec-2016 20:57 (19 replies)
Pages... 2


Woooaaahh earthquake 2016-11-14
Created by Fred99, last reply by DarthKermit on 9-Dec-2016 16:16 (471 replies)
Pages... 30 31 32


Wilson's Car Park - When Free is not free
Created by nzkiwiman, last reply by cr250bromo on 9-Dec-2016 09:30 (51 replies)
Pages... 2 3 4


Gigabit cable now available
Created by sub, last reply by chiefie on 8-Dec-2016 17:38 (733 replies)
Pages... 47 48 49